Security testing for APIs and web applications of different technologies and types.

How we work
In the Pre-engagement phase we'll discuss the type of testing you would like to get (Vulnerability Assessment, Penetration Testing, Automated Scan), the scope of testing, schedule, reporting, contact points and so on.
During the Security Testing phase we'll identify the web application's security weaknesses. The testing process is based on the OWASP Application Security Verification Standard and the OWASP Web Security Testing Guide.
The Reporting phase covers collecting all findings and formatting them for presentation. Depending on the agreement made in the first phase, this might be a document, a presentation, or tickets in your bug tracking system (such as JIRA). All findings will be classified by risk and severity. We'll also provide remediation guidance and development best practices to eliminate such issues in the future. Download Web Application Sample Report.
In this phase we'll verify that the security fixes for the discovered issues have been implemented, and that the fix itself does not introduce a new exploitable weakness.
We provide the following types of testing
Black-box testing is conducted without the tester having any information about the app being tested. This process is sometimes called "zero-knowledge testing." The main purpose of this test is to allow the tester to behave like a real attacker, in the sense of exploring possible uses of publicly available and discoverable information.
Gray-box testing is all testing that falls between the two other testing types: some information is provided to the tester (usually credentials only), and the rest is intended to be discovered. This type of testing is a practical compromise between the number of test cases, the cost, the speed, and the scope of testing. Gray-box testing is the most common kind of testing in the security industry.
White-box testing (sometimes called "full knowledge testing") is the total opposite of black-box testing, in the sense that the tester has full knowledge of the app. This knowledge may encompass source code, documentation, and diagrams. This approach allows much faster testing than black-box testing due to its transparency, and with the additional knowledge a tester can build much more sophisticated and granular test cases.